Secunia - Stay Secure
Gartner
Home Corporate Website Jobs Updated Mailing Lists RSS Blog  Online Shop Advertise
Software Inspectors
  Scan Online
  Personal (PSI)
  Network (NSI 2.0)

Solutions For
  Security Professionals
  Security Vendors

Free Solutions For
  Open Communities
  Journalists & Media

Secunia Advisories
  Search
  Historic Advisories
  Listed By Product
  Listed By Vendor
  Statistics / Graphs
  Secunia Research
  Report Vulnerability
  About Advisories

Virus Information
  Chronological List
  Last 10 Virus Alerts
  About Virus Information

Secunia Customers
  Customer Area


Secunia Research

About Secunia Research

The Secunia Research team is comprised of a number of people from the Secunia IT security staff who besides testing, verifying, and validating public vulnerability reports, also conduct their own vulnerability research in various products.

A complete listing of current Secunia Research vulnerability reports can be found below.

Note: All vulnerabilities discovered by Secunia Research are reported directly to the vendors in a responsible manner, giving the vendor two weeks to reply with a confirmation and details about the expected release date for the security update. Secunia always waits for the security update as long as the vendor keeps a reasonable time frame for issuing the update and actively co-operates with the Secunia Research team.


Secunia Research - 2008
2008-30 Novell - RESERVED - Pending Disclosure
2008-29 VLC Media Player WAV Processing Integer Overflow
2008-28 N/A - RESERVED - Pending Disclosure
2008-27 Novell - RESERVED - Pending Disclosure
2008-26 Motion "read_client()" HTTP Request Buffer Overflow
2008-25 imlib2 PNM and XPM Buffer Overflows
2008-24 XnView, NConvert, and GFL SDK Sun TAAC Buffer Overflow
2008-23 Evolution iCalendar "DESCRIPTION" Property Buffer Overflow
2008-22 Evolution iCalendar Timezone Buffer Overflow
2008-21 Microsoft - RESERVED - Pending Disclosure
2008-20 Samba "receive_smb_raw()" Buffer Overflow Vulnerability
2008-19 Akamai Red Swoosh Cross-Site Request Forgery
2008-18 Foxit Reader "util.printf()" Buffer Overflow
2008-17 Danske Bank - RESERVED - Pending Disclosure
2008-16 Blender "imb_loadhdr()" Buffer Overflow Vulnerability
2008-15 TorrentTrader Multiple SQL Injection Vulnerabilities
2008-14 Adobe - RESERVED - Pending Disclosure
2008-13 HP - RESERVED - Pending Disclosure
2008-12 Lotus Notes kvdocve.dll Path Processing Buffer Overflow
2008-11 ClamAV Upack Processing Buffer Overflow Vulnerability
2008-10 xine-lib "sdpplin_parse()" Array Indexing Vulnerability
2008-9 Apple QuickTime PICT Image Parsing Buffer Overflow
2008-8 Evolution Encrypted Message Format String Vulnerability
2008-7 uTorrent / BitTorrent Web UI HTTP "Range" Header DoS
2008-6 XnView Slideshow "FontName" Buffer Overflow Vulnerability
2008-5 Orb Networks Orb Variant Array Parsing Buffer Overflow
2008-4 HP OpenView Network Node Manager OpenView5.exe Directory Traversal
2008-3 Lotus Notes htmsr.dll Buffer Overflows
2008-2 Winamp Ultravox Streaming Metadata Parsing Buffer Overflows
2008-1 XnView, NConvert, and GFL SDK Radiance RGBE Buffer Overflow


Secunia Research - 2007
2007-107 Lotus Notes Folio Flat File Parsing Buffer Overflows
2007-106 activePDF DocConverter Folio Flat File Parsing Buffer Overflows
2007-105 Symantec Mail Security Folio Flat File Parsing Buffer Overflows
2007-104 Autonomy Keyview Folio Flat File Parsing Buffer Overflows
2007-103 Adobe Flash Player "Declare Function (V7)" Heap Overflow
2007-102 IMP Mail Deletion Security Bypass Vulnerability
2007-101 Symantec Backup Exec Calendar Control Multiple Vulnerabilities
2007-100 Internet Explorer Data Stream Handling Vulnerability
2007-99 Samba "send_mailslot()" Buffer Overflow Vulnerability
2007-98 Symantec Mail Security Applix Graphics Parsing Vulnerabilities
2007-97 activePDF DocConverter Applix Graphics Parsing Vulnerabilities
2007-96 Lotus Notes Applix Graphics Parsing Vulnerabilities
2007-95 Autonomy Keyview Applix Graphics Parsing Vulnerabilities
2007-94 Layton HelpBox Multiple Vulnerabilities
2007-93 RealPlayer SWF Frame Handling Buffer Overflow
2007-92 Lotus Notes EML Reader Buffer Overflows
2007-91 Autonomy Keyview EML Reader Buffer Overflows
2007-90 Samba "reply_netbios_packet()" Buffer Overflow Vulnerability
2007-89 Miranda "ext_yahoo_contact_added()" Format String Vulnerability
2007-88 Xpdf "Stream.cc" Multiple Vulnerabilities
2007-87 activePDF Server Packet Handling Buffer Overflow
2007-86 REVOKED
2007-85 REVOKED
2007-84 HP - RESERVED - Pending Disclosure
2007-83 HP - RESERVED - Pending Disclosure
2007-82 CA - RESERVED - Pending Disclosure
2007-81 IPSwitch IMail Server IMail Client Buffer Overflow
2007-80 Adobe - RESERVED - Pending Disclosure
2007-79 AbiWord Link Grammar "separate_sentence()" Buffer Overflow
2007-78 Link Grammar "separate_sentence()" Buffer Overflow
2007-77 Microsoft - RESERVED - Pending Disclosure
2007-76 CUPS IPP Tags Memory Corruption Vulnerability
2007-75 IBM Tivoli Storage Manager Client CAD Service Script Insertion
2007-74 Symantec Backup Exec Job Engine Denial of Service
2007-73 ACDSee Products Image and Archive Plug-ins Buffer Overflows
2007-72 Microsoft - RESERVED - Pending Disclosure
2007-71 IrfanView Palette File Importing Buffer Overflow Vulnerability
2007-70 Sylpheed / Sylpheed-Claws POP3 Format String Vulnerability
2007-69 McAfee E-Business Server Auth Packet Handling Buffer Overflow
2007-68 Qtpfsgui "readRadianceHeader()" Buffer Overflow Vulnerability
2007-67 pfstools "readRadianceHeader()" Buffer Overflow Vulnerability
2007-66 Vim "helptags" Command Format String Vulnerability
2007-65 Microsoft Excel rtWnDesk Record Memory Corruption Vulnerability
2007-64 Blue Coat - RESERVED - Pending Disclosure
2007-63 Gimp PSD Plugin Integer Overflow Vulnerability
2007-62 CA BrightStor ARCserve Backup RPC Argument Parsing Vulnerabilities
2007-61 Blue Coat - RESERVED - Pending Disclosure
2007-60 Numara Asset Manager Insecure File Permissions
2007-59 Symantec Discovery Insecure File Permissions
2007-58 Centennial Discovery Insecure File Permissions
2007-57 Novell Client NWSPOOL.DLL Buffer Overflow Vulnerabilities
2007-56 KVIrc irc:// URI Handler Command Execution Vulnerability
2007-55 MPlayer CDDB Parsing Buffer Overflow
2007-54 eScan Products Agent Service Command Decryption Buffer Overflow
2007-53 Symantec Products NavComUI ActiveX Control Code Execution
2007-52 Apple QuickTime Java Extension Code Execution
2007-51 VCDGear Cue File Parsing Buffer Overflow Vulnerabilities
2007-50 BearShare NCTAudioFile2 ActiveX Control Buffer Overflow
2007-49 CA BrightStor ARCserve Backup RPC String Buffer Overflow
2007-48 Symantec Mail Security for SMTP Boundary Errors
2007-47 XMMS Integer Overflow and Underflow Vulnerabilities
2007-46 CinePlayer SonicDVDDashVRNav.dll Buffer Overflow Vulnerability
2007-45 eScan Products Agent Service Missing User Authentication
2007-44 Evolution Shared Memo Categories Format String Vulnerability
2007-43 Numara Asset Manager XferWan.exe Packet Parsing Buffer Overflows
2007-42 Symantec Discovery XferWan.exe Packet Parsing Buffer Overflows
2007-41 Centennial Discovery XferWan.exe Packet Parsing Buffer Overflows
2007-40 kmz_ImportWithMesh.py Script for Blender Command Injection
2007-39 Blender KML/KMZ Import Command Injection Vulnerability
2007-38 MailEnable Web Mail Client Multiple Vulnerabilities
2007-37 InterActual Player / CinePlayer IASystemInfo.dll ActiveX Control Buffer Overflow
2007-36 Internet Explorer HTML Objects Memory Corruption Vulnerability
2007-35 Microsoft - RESERVED - Pending Disclosure
2007-34 Cool Audio Products NCTAudioFile2 ActiveX Control Buffer Overflow
2007-33 Altdo Software Products NCTAudioFile2 ActiveX Control Buffer Overflow
2007-32 NextLevel Systems Products NCTAudioFile2 ActiveX Control Buffer Overflow
2007-31 Internet Explorer File Download Handling Memory Corruption
2007-30 MP3 WAV Converter NCTAudioFile2 ActiveX Control Buffer Overflow
2007-29 McFunSoft Products NCTAudioFile2 ActiveX Control Buffer Overflow
2007-28 RecordNRip NCTAudioFile2 ActiveX Control Buffer Overflow
2007-27 Easy Ringtone Maker NCTAudioFile2 ActiveX Control Buffer Overflow
2007-26 Absolute Software Products NCTAudioFile2 ActiveX Control Buffer Overflow
2007-25 Xrlly Software NCTAudioFile2 ActiveX Control Buffer Overflow
2007-24 DanDans Digital Media Products NCTAudioFile2 ActiveX Control Buffer Overflow
2007-23 Power Audio Editor NCTAudioFile2 ActiveX Control Buffer Overflow
2007-22 Mystik Media Products NCTAudioFile2 ActiveX Control Buffer Overflow
2007-21 Cheetah CD/DVD Burner NCTAudioFile2 ActiveX Control Buffer Overflow
2007-20 Virtual CD Products NCTAudioFile2 ActiveX Control Buffer Overflow
2007-19 Joshua Software Products NCTAudioFile2 ActiveX Control Buffer Overflow
2007-18 Audio Edit Magic NCTAudioFile2 ActiveX Control Buffer Overflow
2007-17 Roemer Software Products NCTAudioFile2 ActiveX Control Buffer Overflow
2007-16 MP3 Normalizer NCTAudioFile2 ActiveX Control Buffer Overflow
2007-15 Sienzo Digital Music Mentor NCTAudioFile2 ActiveX Control Buffer Overflow
2007-14 SoftDiv Software Products NCTAudioFile2 ActiveX Control Buffer Overflow
2007-13 Movavi Products NCTAudioFile2 ActiveX Control Buffer Overflow
2007-12 Code-it Software Products NCTAudioFile2 ActiveX Control Buffer Overflow
2007-11 CDBurnerXP Pro NCTAudioFile2 ActiveX Control Buffer Overflow
2007-10 RMBSoft Products NCTAudioFile2 ActiveX Control Buffer Overflow
2007-9 Quikscribe Products NCTAudioFile2 ActiveX Control Buffer Overflow
2007-8 iMesh NCTAudioFile2 ActiveX Control Buffer Overflow
2007-7 EXPStudio Audio Editor NCTAudioFile2 ActiveX Control Buffer Overflow
2007-6 J. Hepple Products NCTAudioFile2 ActiveX Control Buffer Overflow
2007-5 DB Audio Mixer And Editor NCTAudioFile2 ActiveX Control Buffer Overflow
2007-4 Aurora Media Workshop NCTAudioFile2 ActiveX Control Buffer Overflow
2007-3 Magic Video Products NCTAudioFile2 ActiveX Control Buffer Overflow
2007-2 NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow
2007-1 Internet Explorer 7 "onunload" Event Spoofing Vulnerability


Secunia Research - 2006
2006-76 The Address Book Multiple Vulnerabilities
2006-75 MailEnable POP Service "PASS" Command Buffer Overflow
2006-74 Microsoft Agent URL Parsing Memory Corruption Vulnerability
2006-73 MailEnable IMAP Service Buffer Overflow Vulnerability
2006-72 PentaZip Archive Handling Vulnerabilities
2006-71 MailEnable IMAP Service Two Vulnerabilities
2006-70 Borland Products idsql32.dll Buffer Overflow Vulnerability
2006-69 AOL CDDBControl ActiveX Control "SetClientInfo()" Buffer Overflow
2006-68 PassGo SSO Plus Insecure Default Directory Permissions
2006-67 MDaemon Insecure Default Directory Permissions
2006-66 Safari JavaScript Read Access to Protected Variable
2006-65 Joomla BSQ Sitestats Script Insertion and SQL Injection
2006-64 Panda ActiveScan Multiple Vulnerabilities
2006-63 Joomla BSQ Sitestats Component Multiple Vulnerabilities
2006-62 Tagger LE PHP "eval()" Injection Vulnerabilities
2006-61 CJ Tag Board PHP Code Injection Vulnerabilities
2006-60 3Com OfficeConnect Secure Router Cross-Site Scripting
2006-59 My Firewall Plus Privilege Escalation Vulnerability
2006-58 Internet Explorer Script Error Handling Memory Corruption
2006-57 Jetbox Multiple Vulnerabilities
2006-56 AutoVue SolidModel Professional Buffer Overflow Vulnerability
2006-55 FileCOPA Directory Argument Handling Buffer Overflow
2006-54 Microsoft Windows Object Packager Dialog Spoofing
2006-53 Mozilla Firefox XPCOM Event Handling Memory Corruption
2006-52 CMS Mundo SQL Injection Vulnerabilities
2006-51 PC Tools AntiVirus Insecure Default Directory Permissions
2006-50 ZipTV ARJ Archive Handling and unacev2.dll Buffer Overflows
2006-49 Opera SSL Certificate "Stealing" Weakness
2006-48 WinGate IMAP Commands Directory Traversal Vulnerability
2006-47 phpRaid SQL Injection and File Inclusion Vulnerabilities
2006-46 BitZipper unacev2.dll Buffer Overflow Vulnerability
2006-45 jetAudio ID Tag Handling Buffer Overflow Vulnerability
2006-44 DeluxeBB SQL Injection and File Inclusion Vulnerabilities
2006-43 CMS Mundo SQL Injection and File Upload Vulnerabilities
2006-42 PicoZip "zipinfo.dll" Multiple Archives Buffer Overflow
2006-41 Internet Explorer Exception Handling Memory Corruption Vulnerability
2006-40 MyBB "domecode()" PHP Code Execution Vulnerability
2006-39 SelectaPix Cross-Site Scripting and SQL Injection Vulnerabilities
2006-38 AutoMate unacev2.dll Buffer Overflow Vulnerability
2006-37 Eserv/3 IMAP and HTTP Server Multiple Vulnerabilities
2006-36 Rising Antivirus unacev2.dll Buffer Overflow Vulnerability
2006-35 ZipCentral ZIP File Handling Buffer Overflow Vulnerability
2006-34 CAM UnZip ZIP File Handling Buffer Overflow Vulnerability
2006-33 Eazel unacev2.dll Buffer Overflow Vulnerability
2006-32 IZArc unacev2.dll Buffer Overflow Vulnerability
2006-31 Abakt ZIP File Handling Buffer Overflow Vulnerability
2006-30 FilZip unacev2.dll Buffer Overflow Vulnerability
2006-29 UltimateZip unacev2.dll Buffer Overflow Vulnerability
2006-28 Where Is It unacev2.dll Buffer Overflow Vulnerability
2006-27 Anti-Trojan unacev2.dll Buffer Overflow Vulnerability
2006-26 TZipBuilder ZIP File Handling Buffer Overflow Vulnerability
2006-25 WinHKI unacev2.dll Buffer Overflow Vulnerability
2006-24 Servant Salamander unacev2.dll Buffer Overflow Vulnerability
2006-23 SpeedProject Products ACE Archive Handling Buffer Overflow
2006-22 Blazix Web Server JSP Source Code Disclosure Vulnerability
2006-21 AN HTTPD Script Source Disclosure Vulnerability
2006-20 Xeneo Web Server Script Source Disclosure Vulnerability
2006-19 Quick 'n Easy/Baby Web Server ASP Code Disclosure Vulnerability
2006-18 BlueDragon Server Cross-Site Scripting and Denial of Service
2006-17 NOD32 Scheduled Scan Privilege Escalation Vulnerability
2006-16 unalz Filename Handling Directory Traversal Vulnerability
2006-15 RaidenHTTPD Script Source Disclosure Vulnerability
2006-14 VisNetic Mail Server Two File Inclusion Vulnerabilities
2006-13 Dwarf HTTP Server Source Disclosure and Cross-Site Scripting
2006-12 IceWarp Web Mail Two File Inclusion Vulnerabilities
2006-11 Orion Application Server JSP Source Disclosure Vulnerability
2006-10 NetworkActiv Web Server Script Source Disclosure Vulnerability
2006-9 Lighttpd Script Source Disclosure Vulnerability
2006-8 AOL Insecure Default Directory Permissions
2006-7 Microsoft Internet Explorer "createTextRange()" Code Execution
2006-6 ArGoSoft Mail Server Pro viewheaders Script Insertion
2006-5 NJStar Word Processor Font Name Buffer Overflow
2006-4 Macallan Mail Solution IMAP Commands Directory Traversal
2006-3 NeoMail neomail-prefs.pl Missing Session ID Validation
2006-2 @Mail Webmail Attachment Upload Directory Traversal
2006-1 E-Post Mail Server Products Multiple Vulnerabilities


Secunia Research - 2005
2005-53 WinRAR Format String and Buffer Overflow Vulnerabilities
2005-52 PHP-Fusion Two SQL Injection Vulnerabilities
2005-51 MySource Cross-Site Scripting and File Inclusion Vulnerabilities
2005-50 PowerArchiver ACE/ARJ Archive Handling Buffer Overflow
2005-49 ALZip Multiple Archive Handling Buffer Overflow
2005-48 AhnLab V3 Antivirus ALZ/UUE/XXE Archive Handling Buffer Overflow
2005-47 HAURI Anti-Virus ALZ Archive Handling Buffer Overflow
2005-46 Mantis "t_core_path" File Inclusion Vulnerability
2005-45 7-Zip ARJ Archive Handling Buffer Overflow
2005-44 SqWebMail Conditional Comments Script Insertion Vulnerability
2005-43 AVIRA Antivirus ACE Archive Handling Buffer Overflow
2005-42 Opera Mail Client Attachment Spoofing and Script Insertion
2005-41 ALZip ACE Archive Handling Buffer Overflow
2005-40 NOD32 Anti-Virus ARJ Archive Handling Buffer Overflow
2005-39 SqWebMail HTML Emails Script Insertion Vulnerability
2005-38 IBM Lotus Domino iNotes Client Script Insertion Vulnerabilities
2005-37 Lotus Notes ZIP File Handling Buffer Overflow
2005-36 Lotus Notes UUE File Handling Buffer Overflow
2005-35 SqWebMail Attached File Script Insertion Vulnerability
2005-34 Lotus Notes TAR Reader File Extraction Buffer Overflow
2005-33 HAURI Anti-Virus ACE Archive Handling Buffer Overflow
2005-32 Lotus Notes HTML Speed Reader Link Buffer Overflows
2005-31 NetworkActiv Web Server Cross-Site Scripting Vulnerability
2005-30 Lotus Notes Multiple Archive Handling Directory Traversal
2005-29 IBM Lotus Notes Insecure Default Folder Permissions
2005-28 Adobe Document/Graphics Server File URI Resource Access
2005-28 Adobe Document/Graphics Server File URI Resource Access
2005-27 MDaemon Content Filter Directory Traversal Vulnerability
2005-26 Gossamer Threads Links Script Insertion Vulnerabilities
2005-25 Opera Download Dialog Spoofing Vulnerability
2005-24 HAURI Anti-Virus Compressed Archive Directory Traversal
2005-23 Novell NetMail NMAP Agent "USER" Buffer Overflow Vulnerability
2005-22 Mozilla Thunderbird Attachment Spoofing Vulnerability
2005-21 Internet Explorer Suppressed "Download Dialog" Vulnerability
2005-20 avast! Antivirus ACE File Handling Two Vulnerabilities
2005-19 Opera Suppressed "Download Dialog" Vulnerability
2005-18 Opera Image Dragging Vulnerability
2005-17 Ahnlab V3 Antivirus Multiple Vulnerabilities
2005-16 Netscape Property Manipulation Cross-Site Scripting
2005-15 Mozilla / Firefox Property Manipulation Cross-Site Scripting
2005-14 WhatsUp Small Business Report Service Directory Traversal
2005-13 WhatsUp Professional "Login.asp" SQL Injection
2005-12 Safari Dialog Origin Spoofing Vulnerability
2005-11 Mozilla Products Dialog Origin Spoofing Vulnerability
2005-10 Webroot Desktop Firewall Two Vulnerabilities
2005-9 Microsoft Internet Explorer Dialog Origin Spoofing Vulnerability
2005-8 Opera Dialog Origin Spoofing Vulnerability
2005-7 Microsoft Internet Explorer Keyboard Shortcut Processing Vulnerability
2005-6 Adobe Reader for Linux Insecure Temporary File Creation
2005-5 Opera "javascript:" URLs Cross-Site Scripting
2005-4 Opera 8 XMLHttpRequest Security Bypass
2005-3 Mathopd Insecure Dump File Creation Vulnerability
2005-2 Yahoo! Messenger File Transfer Filename Spoofing
2005-1 Konqueror Download Dialog Source Spoofing


Secunia Research - 2004
2004-21 Mozilla / Firefox "Save Link As" Download Dialog Spoofing
2004-20 My Firewall Plus Arbitrary File Corruption Vulnerability
2004-19 Opera Download Dialog Spoofing Vulnerability
2004-18 MercuryBoard "title" Script Insertion Vulnerability
2004-17 Ansel "image" SQL Injection and Script Insertion Vulnerabilities
2004-16 My Firewall Plus Privilege Escalation Vulnerability
2004-15 Mozilla / Mozilla Firefox Download Dialog Source Spoofing
2004-14 Spy Sweeper Enterprise Client Privilege Escalation
2004-13 Multiple Browsers Window Injection Vulnerability
2004-12 Microsoft Internet Explorer "createControlRange()" Memory Corruption
2004-11 Mozilla Firefox Download Dialog Spoofing Vulnerabilities
2004-10 Multiple Browsers Tabbed Browsing Vulnerabilities
2004-9 Pinnacle ShowCenter Skin File Cross-Site Scripting Vulnerability
2004-8 Microsoft Internet Explorer Multiple Vulnerabilities
2004-7 Sun Java Plug-In Predictable File Location Weaknes
2004-6 Yahoo! Messenger Audio Setup Wizard Privilege Escalation
2004-5 StarOffice / OpenOffice Insecure Temporary File Creation
2004-4 SquirrelMail Change_passwd Plugin Insecure Temporary File Creation
2004-3 GdkPixbuf BMP Image Handling Denial of Service Vulnerability
2004-2 Opera Browser Address Bar Spoofing
2004-1 IBM Net.Data Macro Name Cross-Site Scripting Vulnerability


Secunia Research - 2003
2003-6 BRS WebWeaver Error Page Cross-Site Scripting Vulnerability
2003-5 Xeneo Web Server URL Encoding Denial of Service
2003-4 Opera browser filename extension buffer overflows
2003-3 FTPServer/X Response Buffer Overflow Vulnerability
2003-2 Alexandria-dev / sourceforge multiple vulnerabilities
2003-1 Opera browser Cross Site Scripting








Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Do you think it's important to read Setup/User Guides for applications for use within your network?


See Results   


Most Popular Advisories

1.
RealNetworks RealPlayer SWF Frame Handling Buffer Overflow
2.
Sidewinder and CyberGuard DNS Cache Poisoning
3.
Citrix NetScaler DNS Cache Poisoning
4.
Blackboard Academic Suite Cross-Site Request Forgery Vulnerabilities
5.
BlueCat Networks Adonis DNS Cache Poisoning
6.
Ubuntu update for thunderbird
7.
Red Hat update for kernel
8.
OpenBSD BIND Query Port DNS Cache Poisoning
9.
Live Music Plus "id" SQL Injection Vulnerability
10.
Red Hat update for coreutils





Vulnerability Management - Terms & Conditions - Copyright 2002-2008 Secunia - Compliance - Contact Secunia